While it might be a stretch to say that we live our lives online, it is a simple fact that we interact with the internet for a significant portion of our days. Many of our interactions — certainly our most important and valuable ones — are controlled by an ID and a password. We know we’re not supposed to reuse the same password for multiple sites, but it gets hard not to do that when you have so many.
I wanted to know how many passwords I had. I thought about it for a minute or two and then spent less than three minutes flipping through apps on my phone, and within a total of five minutes I came up with 50 passwords. FIFTY! I know that’s not a comprehensive list. I have only seven that are work related. (I’m lucky that way; I know many of my clients have dozens!) I have seven different banking passwords. Ten more are house related, like ComEd and Comcast. Only four are social media passwords — for Facebook, Instagram, Twitter and LinkedIn. I’ve got four accounts for getting around, like Uber and my Illinois Tollway Pass. Netflix and Pandora are just two of the eight accounts I have for entertainment. I can think of five I use for shopping, but I know there are more. Those 50 passwords are tied to, at most, three different email accounts. My work accounts use my work email, and my personal accounts use my Hotmail account almost exclusively, with just a couple using my Gmail account.
So how many unique passwords do I use? Probably about 10, which means that, on average, I’m using the same password five times. I know I’m not supposed to reuse passwords, but why? Why does it matter, especially if I have a good password?
You’ve almost certainly heard about Yahoo being breached. Millions of accounts were compromised. You probably heard about LinkedIn being breached. You probably heard about breaches at Facebook and Twitter. And on and on. You probably rolled your eyes and shook your head. Maybe you reset your password. But did you go reset your password on every other account where you used that same email and password? Well, that is what the bad guys wanted. They didn’t hack Yahoo because they wanted to read your email. They hacked Yahoo because they bet that you used the same email and password to sign in to Amazon. Or a credit card account. Or your internet banking account. That’s what they’re after.
So what do you do? Turn on multifactor authentication for everything you possibly can. Make your internet banking password as complicated as you possibly can, and never use that password for anything else. EVER! Get a password manager application; this creates a large, complex, unique password for every application you need, and you simply copy and paste that password when you need to log in to each of your accounts.
Do you want to know if your employees are using strong passwords in your environment? Have us perform a password-cracking exercise for your organization. After the initial shock of the results wears off, we’ll also be happy to help train your team.